STRIDE
- Tags
- security
A [see page 62, standard] for identifying threats, whose name is an acronym for:
| Term | Description |
|---|---|
| Spoofing | Can an attacker gain access using a false identity? |
| Tampering | Can an attacker modify data as it flows through the app? |
| Repudiation | If an attacker denies doing something, can we prove he did it? |
| Information disclosure | Can an attacker gain access to private or potentially injurious data? |
| Denial of Service | Can an attacker crash or reduce the availability of the system? |
| Elevation of privilege | Can an attacker assume the identity of a privileged user? |
For each category we list the threats, describe how an attacker may exploit each one, and then describe how we should prevent it.
TODO See [see page 64, definition and examples].
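One way to keep the list-exploit-prevent procedure above honest is a small threat register that reports which STRIDE categories a component has not been reviewed for, or has a threat with no prevention yet. This is an added example, not taken from the referenced standard; the `Threat` record, the `review_gaps` helper and the sample `login` component are assumptions made for illustration.

```python
from dataclasses import dataclass

# The six STRIDE categories from the table above, keyed by their initial.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of Service",
    "E": "Elevation of privilege",
}

@dataclass
class Threat:  # hypothetical record type, one row of the register
    component: str   # part of the system under review
    category: str    # one STRIDE initial
    exploit: str     # how an attacker may exploit it
    prevention: str  # how we should prevent it ("" = not decided yet)

    def __post_init__(self):
        if self.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.category!r}")

def review_gaps(threats, components):
    """Return (component, category name, reason) for every gap in the register."""
    gaps = []
    for comp in components:
        for key, name in STRIDE.items():
            entries = [t for t in threats
                       if t.component == comp and t.category == key]
            if not entries:
                gaps.append((comp, name, "no threat listed"))
            elif any(not t.prevention.strip() for t in entries):
                gaps.append((comp, name, "prevention missing"))
    return gaps

# Constructed sample register for a hypothetical login endpoint.
SAMPLE = [
    Threat("login", "S", "reuse of stolen credentials", "MFA and rate limiting"),
    Threat("login", "T", "session cookie modified in transit", "TLS and signed cookies"),
    Threat("login", "R", "user denies having logged in", "append-only audit log"),
    Threat("login", "I", "error text reveals valid usernames", "uniform error messages"),
    Threat("login", "D", "flood of login requests", ""),
]

if __name__ == "__main__":
    for comp, name, reason in review_gaps(SAMPLE, ["login"]):
        print(f"{comp}: {name}: {reason}")
```

Running it on the sample register flags Denial of Service (threat listed, prevention still empty) and Elevation of privilege (never considered), which are the two items the review still has to close.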